Hello all Romanian Crackers, Hello all Crackers, ..::Calculici::.. FROM ONE NEWBIE TO ANOTHER CD Tutor Nr. 4 Program: Septerra Core V1.0 Protection: CD-Check Level: Beginner Tools: W32Dasm 8.93 Hiew 6 Brain A cool drink. E-mail: calculici83@yahoo.com DISCLAIMER This reading material is not intended to violate Copyrights and/or it is law, but educational purposes only. I hold no responsibility ( by all means and in any shape whatsoever ) of the mis-used of this material. FIRST OF ALL We make the LARGE installation of 461MB, not the COMPLETE installation of 553MB. OK. After the install remove the CD. STARTING Launch the game without the CD in the drive and you will get this message: "Please ensure that the CD is in the drive" OK. Remember this and open W32DASM and disassemble the file "septerra.exe". Wait a few seconds or minutes, and click on the String Data References(SDR). Look for the message. Double-click on it. And you will land here: * Referenced by a CALL at Addresses: |:00443918 , :00444276 | * Possible StringData Ref from Data Obj ->"Please insure that the CD is in " ->"the drive" | :00444290 68C8604800 push 004860C8 :00444295 E826000000 call 004442C0 :0044429A 59 pop ecx :0044429B C3 ret OK. There are two CALL's 443918 AND 444276. Let's check the first one. Go to the "Go" menu and press goto Code Location and enter 443918.You will land here: :004438AA C1E104 shl ecx, 04 :004438AD 3BC3 cmp eax, ebx :004438AF 898124104C00 mov dword ptr [ecx+004C1024], eax :004438B5 0F8592000000 jne 0044394D * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00443947(C) | :004438BB F6812C104C0001 test byte ptr [ecx+004C102C], 01 :004438C2 0F8585000000 jne 0044394D :004438C8 E8C64E0200 call 00468793 :004438CD 833802 cmp dword ptr [eax], 00000002 :004438D0 CC int 03 :004438D1 46 inc esi :004438D2 E8BC4E0200 call 00468793 :004438D7 83380D cmp dword ptr [eax], 0000000D :004438DA CC int 03 :004438DB 3CE8 cmp al, E8 :004438DD B24E mov dl, 4E :004438DF 0200 add al, byte ptr [eax] :004438E1 8B10 mov edx, dword ptr [eax] :004438E3 52 push edx :004438E4 E8E74D0200 call 004686D0 :004438E9 83C404 add esp, 00000004 :004438EC 50 push eax :004438ED E8A14E0200 call 00468793 :004438F2 8B00 mov eax, dword ptr [eax] :004438F4 8D4C2414 lea ecx, dword ptr [esp+14] :004438F8 50 push eax :004438F9 51 push ecx * Possible StringData Ref from Data Obj ->"Unable to open %s" | :004438FA 68B05E4800 push 00485EB0 :004438FF 68201F4D00 push 004D1F20 :00443904 E82F3B0200 call 00467438 :00443909 68201F4D00 push 004D1F20 :0044390E E88D090000 call 004442A0 :00443913 83C418 add esp, 00000018 :00443916 EB05 jmp 0044391D :00443918 E873090000 call 00444290 <--This is the call * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:00443916(U) See the conditional JUMP at 4438B5. If we did change this jump we could bypass the CD-Check routine. OK. There are two ways of dealing with it. First: turn the JNE into JE. That means turning 0F85 into 0F84. Second: turn the JNE into JMP. This means turning 0F8592000000 to E99300000090 Be sure that the highlighted line is: :004438B5 0F8592000000 jne 0044394D and look at the bottom of the page to see the offset. For me it was 438B5. Remember this and launch HIEW. Open the file "septerra.exe" press ENTER (twice) to enter the Decode Mode. Press F5 and enter 438B5. Press F3 and change the bytes in one of the two ways you want. Personally I recomend the Second approch. So change 0F8592000000 to E99300000090. OK. Now run the game and what do you now. It doesn't ask for the CD. FINAL WORDS Hope you liked this tutorial. GREETS +Dza Kraker(Regele Piratilor) <--You showed me the way man Xasx <--Thanx for publishing my tuts My mom <--I will always love you My girlfriend <--Oh, you are so far My dad <--My dad is my tester My collegs <--I made some cracks for them ENDer 2000 <--The site where I realese my cracks TNT <--For it is a real pleasure to watch this guys and to be friends with them tKC <--You got me hooked on, on this Phrozen Crew <--You were the best LaZaRuS <--He helped me too Corneliu Vadim Tudor <--Hope he wont pe president in my country All of you <--The ones who try doing something with their life The rest <--Hope I didn't forget no one Dragos <--For the CD with Septerra Core <<--Everything starts from a ZERO-->> E-mail: calculici83@yahoo.com Name: Calculici